This week I received a “phishing scam email” from the same sender two days in a row. I don’t know if I’m being targeted or where they got my email address from. I actually almost fell for it, because when I checked the sender’s email address it showed the official email address of Metrobank Direct Philippines.
Here’s the screenshot of the email:
Here’s another email that seems legit. I received it today (2/27/2017), and they know that MetroBankDirect is currently offline, which intensifies its effect on unsuspecting victims.
At first glance the letter seems legit, but if you look closely there’s a difference between the official email and the phishing one. Scams like this are usually auto-generated, and the senders don’t have your data yet. That’s why they don’t have your name in the salutation of the email. An official notice from your bank usually addresses you by name.
Aside from this obvious difference, the Sign On link in the letter above doesn’t point to the official domain of the bank. Phishing scammers usually use a different website to collect your private data, and they design the page to look like the official website.
Email providers like Gmail and Hotmail usually detect this kind of scam. As you can see from the screenshot, the email host notified me that the “sender failed their fraud detection…” but it didn’t actually block the email. So, if you are the target of this email, you still have the last “click” on this matter.
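The two checks described above (where the links really point, and whether the sender passed the provider's checks) can be automated. The following is an added example, not part of the original post: `bank.example` is a placeholder for your bank's real domain, the sample message is constructed, and it assumes the provider records its SPF/DKIM/DMARC results in the `Authentication-Results` header.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "bank.example"  # placeholder: use the domain your bank gave you

# Constructed sample message (not the email from this post).
SAMPLE = """\
From: "Bank Online" <alerts@bank.example>
To: customer@mail.example
Subject: Account notice
Authentication-Results: mx.mail.example; spf=fail smtp.mailfrom=bank.example; dkim=none
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Dear Customer,</p>
<p><a href="http://bank.example.signon-update.test/login">Sign On</a></p>
<p><a href="https://www.bank.example/help">Help</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect every href found in <a> tags."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_official(host, official=OFFICIAL_DOMAIN):
    # Exact match or a true subdomain; "bank.example.evil.test" must not pass.
    host = (host or "").lower().rstrip(".")
    return host == official or host.endswith("." + official)

def inspect(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    off_domain = [h for h in parser.hrefs if not is_official(urlsplit(h).hostname)]
    auth = str(msg.get("Authentication-Results", "")).lower()
    failed = [m for m in ("spf", "dkim", "dmarc") if f"{m}=fail" in auth]
    return {"off_domain_links": off_domain, "auth_failed": failed}

if __name__ == "__main__":
    print(inspect(SAMPLE))
```

The From address in the sample shows the official domain, yet the Sign On link and the failed SPF result both give the message away.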
I’m sharing this with you guys so that in case you encounter this kind of scam, you will already know what to do.
Here are other things that you can do to avoid phishing scammers:
- Make sure that you make your online transactions on the official domain of your bank. Get the website address from them and type it yourself in the address bar to be sure that you are visiting the legitimate site. Legit sites are served via secure SSL (https://example.com).
- Avoid visiting your bank by clicking links from your email or social media accounts.
- If possible, don’t share the email address you use for online banking on public websites or social media. Phishers usually scrape email addresses from these sites.
- Activate the two-factor authentication feature of your bank if there is one. Usually it’s a feature that lets you specify your official cellphone number to be contacted whenever you log in. Their system will send a one-time password (OTP) that is required before you can access your online account. At least this will secure your account in case they get your normal password. It’s the second layer of protection for your account. Of course, inform your bank that you’re the only one who can change the official number at their office, to protect it from being changed.
- Inform your bank if you’re a victim of the phishing scam and your information was compromised. They will do something to protect you from further damage.
- Lastly, if you’re not sure about the transaction indicated in the email, call your bank and verify it with them.